Ubuntu
gnupg package

Change logs for gnupg source package in Quantal

  1. Quantal (12.10)
  2. Change log 
  • gnupg (1.4.11-3ubuntu4.4) quantal-security; urgency=low

  * SECURITY UPDATE: RSA Key Extraction via Low-Bandwidth Acoustic
    Cryptanalysis attack
    - debian/patches/CVE-2013-4576.dpatch: Use blinding for the RSA secret
      operation in cipher/random.*, cipher/rsa.c, g10/gpgv.c. Normalize the
      MPIs used as input to secret key functions in cipher/dsa.c,
      cipher/elgamal.c, cipher/rsa.c.
    - CVE-2013-4576
 -- Marc Deslauriers <email address hidden>   Wed, 18 Dec 2013 11:15:37 -0500
  • gnupg (1.4.11-3ubuntu4.3) quantal-security; urgency=low

  * SECURITY UPDATE: incorrect no-usage-permitted flag handling
    - debian/patches/CVE-2013-4351.dpatch: correctly handle empty key flags
      in g10/getkey.c, g10/keygen.c, include/cipher.h.
    - CVE-2013-4351
  * SECURITY UPDATE: denial of service via infinite recursion
    - debian/patches/CVE-2013-4402.dpatch: set limits on number of filters
      and nested packets in util/iobuf.c, g10/mainproc.c.
    - CVE-2013-4402
 -- Marc Deslauriers <email address hidden>   Tue, 08 Oct 2013 07:46:59 -0400
  • gnupg (1.4.11-3ubuntu4.2) quantal-security; urgency=low

  * SECURITY UPDATE: The path of execution in an exponentiation function may
    depend upon secret key data, allowing a local attacker to determine the
    contents of the secret key through a side-channel attack.
    - debian/patches/CVE-2013-4242.dpatch: always perform the mpi_mul for
      exponents in secure memory. Based on upstream patch.
    - CVE-2013-4242
 -- Seth Arnold <email address hidden>   Tue, 30 Jul 2013 15:22:19 -0700
  • gnupg (1.4.11-3ubuntu4.1) quantal-security; urgency=low

  * SECURITY UPDATE: keyring corruption via malformed key import
    - debian/patches/CVE-2012-6085.dpatch: validate PKTTYPE in g10/import.c.
    - CVE-2012-6085
 -- Marc Deslauriers <email address hidden>   Tue, 08 Jan 2013 10:46:11 -0500
  • gnupg (1.4.11-3ubuntu4) quantal; urgency=low

  * Update config.guess,sub for aarch64
 -- Wookey <email address hidden>   Mon, 01 Oct 2012 12:56:41 +0100
  • gnupg (1.4.11-3ubuntu3) quantal-proposed; urgency=low

  * debian/patches/long-keyids.dpatch: Use the longest key ID available
    when requesting a key from a key server.
 -- Marc Deslauriers <email address hidden>   Tue, 24 Jul 2012 10:28:39 -0400
  • gnupg (1.4.11-3ubuntu2) precise; urgency=low

  * Mark gnupg, gnupg-curl, and gpgv Multi-Arch: foreign.
 -- Colin Watson <email address hidden>   Mon, 21 Nov 2011 13:42:07 +0000